rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| Spambot trackback spam attack
Hey folks,
I am currently being slowly but steadily attacked from multiple IP's that are trying to inject trackbacks to spam sites such as;
While I do have the attack under control for now using fail2ban on the server this is happening to (I modfied a default filter to ban any IP's hitting the /trackback/ on my site since I disabled it), what I would like to know is this.
As it stands I have a list of over 140 ip's that are comprimised zombies, is there anything that can be done to get these owners to clean these up short of doing a whois on each IP and trying to find a contact?
--
Fed Up With Stupidity?
Patentlystupid.com |
|
Its a Secret
Never mind
Premium
join:2008-02-23
Calgary, AB
edit:
March 27th, @12:20AM
| Probably bots and unknown to the hosts. Just use software and router blocks to CYA. Good luck.
PS-Have you notified your ISP? Also, try changing your router ip.
(edited for comments) |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| said by Its a Secret  :Probably bots and unknown to the hosts. Just use software and router blocks to CYA. Good luck. PS-Have you notified your ISP? My host is aware of the situation and has been helpful and is willing to do what they can. The problem is its a blog site and they were successful at first so they have tossed a good many zombies at this task. |
|
Its a Secret
Never mind
Premium
join:2008-02-23
Calgary, AB | reply to rahlquist
As we were posting at the same time, try changing the ip of your router? It may help. |
|
rahlquist
Redeye
join:2001-10-30
Villa Rica, GA
| its a server, not gonna be changing IP's they are hitting me by domain name anyway, if they were hitting by IP they would hit my primary domain, not this one. (virtual named domains in apache).
More interested in getting the compromised machine owners to fixing their boxes than anything else, as it sits their impact on my machine now is minimal. I just want to be able to end it now that the problem is identified. |
|
